✨ Trigger email verification on OIDC register process

This will happen only if: - the oidc provider properly reports that user has a non-verified email - the oidc does not provides any way to know the email verification status
2025-01-23 23:18:48 -05:00 · 2024-02-27 14:17:00 +01:00 · 2024-02-27 14:17:00 +01:00 · ef632bcae7
commit ef632bcae7
parent b9ed0e1146
1 changed files with 10 additions and 4 deletions
--- a/backend/src/app/auth/oidc.clj
+++ b/backend/src/app/auth/oidc.clj
@ -20,7 +20,6 @@
   [app.http.client :as http]
   [app.http.session :as session]
   [app.loggers.audit :as audit]
-   [app.main :as-alias main]
   [app.rpc.commands.profile :as profile]
   [app.setup :as-alias setup]
   [app.tokens :as tokens]
@ -531,13 +530,21 @@
      (->> (redirect-response uri)
           (sxf request)))

-
    (if (auth/email-domain-in-whitelist? (:email info))
      (let [info   (assoc info
                          :iss :prepared-register
-                          :is-active true
                          :exp (dt/in-future {:hours 48}))
+
+            props  (:props info)
+            info   (if (or (:google/email_verified props)
+                           (:github/email_verified props)
+                           (:gitlab/email_verified props)
+                           (:oidc/email_verified props))
+                     (assoc info :is-active true)
+                     info)
+
            token  (tokens/generate (::setup/props cfg) info)
+
            params (d/without-nils
                    {:token token
                     :fullname (:fullname info)})
@ -548,7 +555,6 @@
        (redirect-response uri))
      (generate-error-redirect cfg "email-domain-not-allowed"))))

-
 (defn- auth-handler
  [cfg {:keys [params] :as request}]
  (let [props (audit/extract-utm-params params)